Please help me clean my PC


by ryan_c » October 24th, 2008, 4:51 am

I have run Malwarebytes 2 times now (in safe mode), but I still detect a trojan agent. I have just run Comodo for the first time and it detected a dc4.exe. I am not sure, but I think there is other malware on my PC. It seems that when I run different kinds of scanners, they detect different kinds of malware that a previous scanner did not detect. Here are the HijackThis log files, thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:29 PM, on 10/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jeffrey Torres\Desktop\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
C:\Program Files\COMODO\Firewall\cfpconfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [\\RODEL\EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE /P32 "\\RODEL\EPSON Stylus Photo R1800" /O6 "USB001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBB70A2F-A6B1-4BF0-9470-A8281FFAC745}: NameServer = 202.78.97.41 210.4.2.61
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Alerter AlerterNetlogon (AlerterNetlogon) - Unknown owner - C:\WINDOWS\system32\wpv6860.cpx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6541 bytes
ryan_c
Active Member
 
Posts: 8
Joined: October 24th, 2008, 4:27 am

Re: Please help me clean my PC

by Shaba » October 25th, 2008, 5:00 am

Hi ryan_c

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help me clean my PC

by ryan_c » October 27th, 2008, 12:45 am

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jeffrey Torres at 2008-10-27 12:54:54
Microsoft Windows XP Professional Service Pack 2
System drive C: has 28 GB (69%) free of 40 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:58 PM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\wamp\wampmanager.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe
C:\Documents and Settings\Jeffrey Torres\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeffrey Torres.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [\RODEL\EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE /P32 "\\RODEL\EPSON Stylus Photo R1800" /O6 "USB001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfpconfg.exe" -z -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBB70A2F-A6B1-4BF0-9470-A8281FFAC745}: NameServer = 202.78.97.41 210.4.2.61
O20 - AppInit_DLLs:
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Alerter AlerterNetlogon (AlerterNetlogon) - Unknown owner - C:\WINDOWS\system32\wpv6860.cpx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 6875 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-02 1826816]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-20 16384512]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-27 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-27 81920]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-23 590848]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"\RODEL\EPSON Stylus Photo R1800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE [2004-09-08 98304]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe -h []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfpconfg.exe -z -o []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aliserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aliserv.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-10-27 10:37:33 ----D---- C:\Program Files\7-Zip
2008-10-27 09:24:57 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-27 09:12:36 ----D---- C:\wamp
2008-10-25 17:55:41 ----D---- C:\rsit
2008-10-25 15:39:40 ----D---- C:\Program Files\uTorrent
2008-10-25 15:39:35 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\uTorrent
2008-10-25 11:43:16 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-24 18:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-24 18:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-24 18:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-24 18:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-24 18:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-10-24 18:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-24 18:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-24 18:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-24 18:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-24 18:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-24 18:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-24 18:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-24 18:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-24 18:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-24 18:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-24 18:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-24 18:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-24 18:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-24 18:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 18:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-24 18:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-24 17:04:37 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-24 17:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-24 17:04:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 16:25:33 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Comodo
2008-10-24 16:25:31 ----D---- C:\Program Files\COMODO
2008-10-24 16:00:41 ----D---- C:\SDFix
2008-10-24 15:34:11 ----D---- C:\Program Files\Trend Micro
2008-10-24 15:10:07 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-24 13:01:22 ----ASH---- C:\WINDOWS\system32\adsnwz.dll
2008-10-24 10:46:15 ----RHD---- C:\$VAULT$.AVG
2008-10-23 16:40:28 ----D---- C:\WINDOWS\Minidump
2008-10-23 15:03:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-23 15:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 14:51:49 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Malwarebytes
2008-10-23 14:51:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 14:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 11:43:50 ----RSH---- C:\q3v.com
2008-10-23 11:43:24 ----RSH---- C:\WINDOWS\system32\wedasgads1.dll
2008-10-23 11:32:55 ----D---- C:\WINDOWS\pss
2008-10-23 11:32:26 ----RSH---- C:\uaacifr.cmd
2008-10-23 11:31:58 ----N---- C:\WINDOWS\system32\wedasgads0.dll
2008-10-23 11:21:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-23 10:11:18 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-23 09:55:38 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Macromedia
2008-10-23 09:54:22 ----D---- C:\Program Files\Common Files\Control Panels
2008-10-23 09:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-10-23 09:43:44 ----D---- C:\Program Files\QuickTime
2008-10-23 09:33:14 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-23 09:33:14 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-10-23 09:24:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-23 09:13:11 ----D---- C:\Program Files\Bonjour
2008-10-23 09:07:36 ----D---- C:\Program Files\Adobe
2008-10-23 09:04:03 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-10-23 09:03:20 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Adobe
2008-10-23 09:01:36 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-23 09:01:26 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-23 09:01:06 ----D---- C:\Program Files\Common Files\Adobe
2008-10-22 18:00:43 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Mozilla
2008-10-22 18:00:30 ----D---- C:\Program Files\Mozilla Firefox
2008-10-22 17:56:21 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\AVG7
2008-10-22 17:56:12 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-10-22 17:56:12 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-22 17:56:04 ----D---- C:\Program Files\Grisoft
2008-10-22 17:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-22 17:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-10-22 17:19:58 ----SHD---- C:\RECYCLER
2008-10-22 17:08:43 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2008-10-22 17:03:23 ----D---- C:\Program Files\EPSON
2008-10-22 16:47:44 ----D---- C:\Program Files\Kaspersky Lab
2008-10-22 16:46:36 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-22 16:36:55 ----D---- C:\WINDOWS\nview
2008-10-22 16:36:54 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-22 16:36:01 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-22 16:29:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-22 16:29:21 ----A---- C:\WINDOWS\Ascd_tmp.ini
2008-10-22 16:28:36 ----R---- C:\WINDOWS\Alcmtr.exe
2008-10-22 16:25:35 ----D---- C:\WINDOWS\ASUSInstAll
2008-10-22 16:25:04 ----A---- C:\WINDOWS\Ascd_log.ini
2008-10-22 16:20:06 ----R---- C:\WINDOWS\system32\ChCfg.exe
2008-10-22 16:19:53 ----R---- C:\WINDOWS\SoundMan.exe
2008-10-22 16:19:53 ----R---- C:\WINDOWS\SkyTel.exe
2008-10-22 16:19:52 ----R---- C:\WINDOWS\RtlUpd.exe
2008-10-22 16:19:49 ----R---- C:\WINDOWS\RTLCPL.exe
2008-10-22 16:19:43 ----R---- C:\WINDOWS\RTHDCPL.exe
2008-10-22 16:19:42 ----R---- C:\WINDOWS\MicCal.exe
2008-10-22 16:19:40 ----R---- C:\WINDOWS\alcwzrd.exe
2008-10-22 16:19:39 ----D---- C:\Program Files\Realtek
2008-10-22 16:19:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 16:19:32 ----R---- C:\WINDOWS\RtlExUpd.dll
2008-10-22 16:14:58 ----D---- C:\WINDOWS\system32\Lang
2008-10-22 16:07:38 ----A---- C:\WINDOWS\system32\difxapi.dll
2008-10-22 16:07:37 ----D---- C:\WINDOWS\vnDrvBas
2008-10-22 16:06:02 ----A---- C:\WINDOWS\AS_Debug.txt
2008-10-22 16:05:22 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-22 16:05:20 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-22 16:04:55 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-22 16:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-10-22 16:04:29 ----A---- C:\WINDOWS\HideWin.exe
2008-10-22 16:04:25 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-22 15:59:58 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Identities
2008-10-22 15:59:56 ----HD---- C:\Program Files\Uninstall Information
2008-10-22 15:59:51 ----ASH---- C:\Documents and Settings\Jeffrey Torres\Application Data\desktop.ini
2008-10-22 15:59:50 ----SD---- C:\Documents and Settings\Jeffrey Torres\Application Data\Microsoft
2008-10-22 15:57:55 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-22 15:57:53 ----D---- C:\WINDOWS\Prefetch
2008-10-22 15:57:52 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-22 15:57:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-22 15:54:32 ----D---- C:\WINDOWS\system32\xircom
2008-10-22 15:54:32 ----D---- C:\Program Files\xerox
2008-10-22 15:54:32 ----D---- C:\Program Files\microsoft frontpage
2008-10-22 15:54:17 ----A---- C:\WINDOWS\control.ini
2008-10-22 15:54:17 ----A---- C:\AUTOEXEC.BAT
2008-10-22 15:54:07 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-22 15:54:04 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-22 15:53:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-22 15:53:19 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-22 15:53:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-22 15:53:13 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-22 15:53:09 ----HD---- C:\Program Files\WindowsUpdate
2008-10-22 15:52:51 ----D---- C:\WINDOWS\system32\DirectX
2008-10-22 15:52:31 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-22 15:52:29 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-22 15:52:29 ----A---- C:\WINDOWS\desktop.ini
2008-10-22 15:52:22 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-22 15:52:20 ----D---- C:\Program Files\Common Files\Services
2008-10-22 15:52:20 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-22 15:52:17 ----SD---- C:\WINDOWS\Tasks
2008-10-22 15:52:17 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-22 15:52:16 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-22 15:52:13 ----D---- C:\WINDOWS\srchasst
2008-10-22 15:52:12 ----D---- C:\WINDOWS\system32\Macromed
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.6286281.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaucpl.cpl.wusetup.6286062.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.6285875.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-22 15:52:07 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-22 15:52:07 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-22 15:52:05 ----D---- C:\Program Files\Movie Maker
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-22 15:51:57 ----D---- C:\WINDOWS\system32\Restore
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-22 15:51:53 ----D---- C:\Program Files\NetMeeting
2008-10-22 15:51:53 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-22 15:51:52 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-22 15:51:52 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-22 15:51:51 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-22 15:51:50 ----D---- C:\Program Files\Outlook Express
2008-10-22 15:51:50 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-22 15:51:43 ----D---- C:\Program Files\Common Files\System
2008-10-22 15:51:40 ----D---- C:\Program Files\Internet Explorer
2008-10-22 15:51:11 ----D---- C:\Program Files\ComPlus Applications
2008-10-22 15:51:10 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-22 15:51:10 ----A---- C:\WINDOWS\vb.ini
2008-10-22 15:51:06 ----D---- C:\WINDOWS\Registration
2008-10-22 15:50:59 ----D---- C:\Program Files\Windows Media Player
2008-10-22 15:50:59 ----D---- C:\Program Files\Online Services
2008-10-22 15:50:55 ----D---- C:\Program Files\Messenger
2008-10-22 15:50:51 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-22 15:50:51 ----A---- C:\WINDOWS\system32\write.exe
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-22 15:50:41 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-22 15:50:41 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-22 15:50:34 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-22 15:50:34 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-22 15:50:24 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-22 15:50:15 ----D---- C:\Program Files\MSN
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-22 15:50:13 ----D---- C:\Program Files\Windows NT
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-22 15:50:10 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-22 15:50:08 ----D---- C:\WINDOWS\system32\Com
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-22 15:50:07 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-22 15:50:07 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-22 08:49:18 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-22 08:23:03 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-22 08:22:13 ----A---- C:\WINDOWS\imsins.BAK
2008-10-22 08:22:10 ----SHD---- C:\WINDOWS\Installer
2008-10-22 08:22:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-22 08:22:09 ----D---- C:\Program Files\Common Files\ODBC
2008-10-22 08:22:09 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-22 08:22:06 ----RD---- C:\Program Files
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-22 08:21:51 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-22 08:21:51 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-22 08:21:49 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-22 08:21:49 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-22 08:21:48 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-22 08:21:47 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-22 08:21:47 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-22 08:21:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-22 08:21:36 ----RA---- C:\WINDOWS\SET8.tmp
2008-10-22 08:21:33 ----RA---- C:\WINDOWS\SET4.tmp
2008-10-22 08:21:32 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-22 08:21:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-22 08:21:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-22 08:21:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-22 08:21:04 ----A---- C:\WINDOWS\setuplog.txt
2008-10-22 08:21:01 ----D---- C:\Documents and Settings
2008-10-22 08:19:56 ----SH---- C:\boot.ini
2008-10-22 08:19:14 ----SHD---- C:\System Volume Information
2008-10-22 08:16:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-22 08:16:00 ----RSD---- C:\WINDOWS\Fonts
2008-10-22 08:16:00 ----RD---- C:\WINDOWS\Web
2008-10-22 08:16:00 ----HD---- C:\WINDOWS\inf
2008-10-22 08:16:00 ----D---- C:\WINDOWS\WinSxS
2008-10-22 08:16:00 ----D---- C:\WINDOWS\twain_32
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Temp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\wins
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\wbem
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\usmt
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\spool
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\Setup
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ras
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\oobe
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\npp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\mui
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\IME
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\icsxml
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ias
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\export
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\drivers
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\dhcp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\config
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\3076
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\2052
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1054
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1042
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1041
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1037
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1033
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1031
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1028
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1025
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system
2008-10-22 08:16:00 ----D---- C:\WINDOWS\security
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Resources
2008-10-22 08:16:00 ----D---- C:\WINDOWS\repair
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Provisioning
2008-10-22 08:16:00 ----D---- C:\WINDOWS\PeerNet
2008-10-22 08:16:00 ----D---- C:\WINDOWS\pchealth
2008-10-22 08:16:00 ----D---- C:\WINDOWS\mui
2008-10-22 08:16:00 ----D---- C:\WINDOWS\msapps
2008-10-22 08:16:00 ----D---- C:\WINDOWS\msagent
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Media
2008-10-22 08:16:00 ----D---- C:\WINDOWS\java
2008-10-22 08:16:00 ----D---- C:\WINDOWS\ime
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Help
2008-10-22 08:16:00 ----D---- C:\WINDOWS\ehome
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Driver Cache
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Debug
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Cursors
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Connection Wizard
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Config
2008-10-22 08:16:00 ----D---- C:\WINDOWS\AppPatch
2008-10-22 08:16:00 ----D---- C:\WINDOWS\addins
2008-10-22 08:16:00 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-10-22 15:54:17 ----A---- C:\WINDOWS\win.ini
2008-10-22 08:22:05 ----A---- C:\WINDOWS\system.ini
2008-10-15 09:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-10-22 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-10-22 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-10-22 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-10-22 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-10-22 4960]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-27 6811168]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-19 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S2 lnrpstwv;lnrpstwv; \??\C:\WINDOWS\system32\drivers\lnrpstwv.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-10-22 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-10-22 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-10-22 406528]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-27 155716]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-23 654848]
R3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
R3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]
S2 AlerterNetlogon;Alerter AlerterNetlogon; C:\WINDOWS\system32\wpv6860.cpx srv []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]

-----------------EOF-----------------
ryan_c
Active Member
 
Posts: 8
Joined: October 24th, 2008, 4:27 am

Re: Please help me clean my PC

Post by ryan_c » October 27th, 2008, 12:49 am

I ran RSIT; that's the log file, but I am wondering why it did not show the "info" file.

Re: Please help me clean my PC

Post by Shaba » October 27th, 2008, 6:00 am

We will come to that a bit later.

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\Program Files\uTorrent
C:\Documents and Settings\Jeffrey Torres\Application Data\uTorrent

Empty Recycle Bin.

Please run a new RSIT scan when finished and post the log back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help me clean my PC

Post by ryan_c » October 28th, 2008, 11:59 pm

I removed uTorrent; here is the RSIT log, thanks.



Logfile of random's system information tool 1.04 (written by random/random)
Run by Jeffrey Torres at 2008-10-29 12:07:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 27 GB (67%) free of 40 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:25 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Jeffrey Torres\Desktop\RSIT(2).exe
C:\Program Files\trend micro\Jeffrey Torres.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [\RODEL\EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE /P32 "\\RODEL\EPSON Stylus Photo R1800" /O6 "USB001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfpconfg.exe" -z -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBB70A2F-A6B1-4BF0-9470-A8281FFAC745}: NameServer = 202.78.97.41 210.4.2.61
O20 - AppInit_DLLs:
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Alerter AlerterNetlogon (AlerterNetlogon) - Unknown owner - C:\WINDOWS\system32\wpv6860.cpx.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 6707 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-02 1826816]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-20 16384512]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-27 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-27 81920]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-23 590848]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"\RODEL\EPSON Stylus Photo R1800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE [2004-09-08 98304]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe -h []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfpconfg.exe -z -o []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aliserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aliserv.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0
"DisableTaskMgr"=0
"NoDispCpl"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCMD"=0
"DisableTaskMgr"=0
"NoDispCpl"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=223
"RestrictRun"=0
"NoFolderOptions"=0
"NoRun"=0
"NoFind"=0
"NoDesktop"=0
"NoStartMenuEjectPC"=0
"NoSimpleStartMenu"=0
"NoWindowsUpdate"=0
"NoStartMenuMyMusic"=0
"NoSMMyPictures"=0
"NoFavoritesMenu"=0
"NoResolveSearch"=0
"NoResolveTrack"=0
"StartMenuLogoff"=0
"NoClose"=0
"NoInstrumentation"=0
"NoUserNameInStartMenu"=0
"EnforceShellExtensionSecurity"=0
"NoActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoDrives"=0
"NoFileAssociate"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoTrayContextMenu"=0
"RestrictCpl"=0
"NoStartMenuMorePrograms"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
"NoRun"=
"NoFind"=
"RestrictRun"=
"NoDriveTypeAutoRun"=
"NoDesktop"=
"NoStartMenuEjectPC"=
"NoSimpleStartMenu"=
"NoWindowsUpdate"=
"NoStartMenuMyMusic"=
"NoSMMyPictures"=
"NoFavoritesMenu"=
"NoResolveSearch"=
"NoResolveTrack"=
"StartMenuLogoff"=
"NoClose"=
"NoInstrumentation"=
"NoUserNameInStartMenu"=
"EnforceShellExtensionSecurity"=
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"NoDrives"=
"NoFileAssociate"=
"NoSetFolders"=
"NoViewContextMenu"=
"NoTrayContextMenu"=
"RestrictCpl"=
"NoThemesTab"=
"ForceActiveDesktopOn"=
"NoStartMenuMorePrograms"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\A]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\B]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
shell\explore\command - "%1" %*


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-10-27 13:04:32 ----A---- C:\WINDOWS\unvise32.exe
2008-10-27 13:04:30 ----D---- C:\Program Files\SWiSHmax
2008-10-27 10:37:33 ----D---- C:\Program Files\7-Zip
2008-10-27 09:24:57 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-27 09:12:36 ----D---- C:\wamp
2008-10-25 17:55:41 ----D---- C:\rsit
2008-10-25 15:39:35 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\uTorrent
2008-10-25 11:43:16 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-24 18:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-24 18:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-24 18:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-24 18:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-24 18:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-10-24 18:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-24 18:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-24 18:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-24 18:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-24 18:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-24 18:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-24 18:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-24 18:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-24 18:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-24 18:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-24 18:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-24 18:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-24 18:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-24 18:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 18:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-24 18:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-24 17:04:37 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-24 17:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-24 17:04:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 16:25:33 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Comodo
2008-10-24 16:25:31 ----D---- C:\Program Files\COMODO
2008-10-24 16:00:41 ----D---- C:\SDFix
2008-10-24 15:34:11 ----D---- C:\Program Files\Trend Micro
2008-10-24 15:10:07 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-24 13:01:22 ----ASH---- C:\WINDOWS\system32\adsnwz.dll
2008-10-24 10:46:15 ----RHD---- C:\$VAULT$.AVG
2008-10-23 16:40:28 ----D---- C:\WINDOWS\Minidump
2008-10-23 15:03:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-23 15:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 14:51:49 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Malwarebytes
2008-10-23 14:51:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 14:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 11:43:50 ----RSH---- C:\q3v.com
2008-10-23 11:43:24 ----RSH---- C:\WINDOWS\system32\wedasgads1.dll
2008-10-23 11:32:55 ----D---- C:\WINDOWS\pss
2008-10-23 11:32:26 ----RSH---- C:\uaacifr.cmd
2008-10-23 11:31:58 ----N---- C:\WINDOWS\system32\wedasgads0.dll
2008-10-23 11:21:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-23 10:11:18 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-23 09:55:38 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Macromedia
2008-10-23 09:54:22 ----D---- C:\Program Files\Common Files\Control Panels
2008-10-23 09:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-10-23 09:43:44 ----D---- C:\Program Files\QuickTime
2008-10-23 09:33:14 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-23 09:33:14 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-10-23 09:24:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-23 09:13:11 ----D---- C:\Program Files\Bonjour
2008-10-23 09:07:36 ----D---- C:\Program Files\Adobe
2008-10-23 09:04:03 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-10-23 09:03:20 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Adobe
2008-10-23 09:01:36 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-23 09:01:26 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-23 09:01:06 ----D---- C:\Program Files\Common Files\Adobe
2008-10-22 18:00:43 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Mozilla
2008-10-22 18:00:30 ----D---- C:\Program Files\Mozilla Firefox
2008-10-22 17:56:21 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\AVG7
2008-10-22 17:56:12 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-10-22 17:56:12 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-22 17:56:04 ----D---- C:\Program Files\Grisoft
2008-10-22 17:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-22 17:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-10-22 17:19:58 ----SHD---- C:\RECYCLER
2008-10-22 17:08:43 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2008-10-22 17:03:23 ----D---- C:\Program Files\EPSON
2008-10-22 16:47:44 ----D---- C:\Program Files\Kaspersky Lab
2008-10-22 16:46:36 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-22 16:36:55 ----D---- C:\WINDOWS\nview
2008-10-22 16:36:54 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-22 16:36:01 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-22 16:29:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-22 16:29:21 ----A---- C:\WINDOWS\Ascd_tmp.ini
2008-10-22 16:28:36 ----R---- C:\WINDOWS\Alcmtr.exe
2008-10-22 16:25:35 ----D---- C:\WINDOWS\ASUSInstAll
2008-10-22 16:25:04 ----A---- C:\WINDOWS\Ascd_log.ini
2008-10-22 16:20:06 ----R---- C:\WINDOWS\system32\ChCfg.exe
2008-10-22 16:19:53 ----R---- C:\WINDOWS\SoundMan.exe
2008-10-22 16:19:53 ----R---- C:\WINDOWS\SkyTel.exe
2008-10-22 16:19:52 ----R---- C:\WINDOWS\RtlUpd.exe
2008-10-22 16:19:49 ----R---- C:\WINDOWS\RTLCPL.exe
2008-10-22 16:19:43 ----R---- C:\WINDOWS\RTHDCPL.exe
2008-10-22 16:19:42 ----R---- C:\WINDOWS\MicCal.exe
2008-10-22 16:19:40 ----R---- C:\WINDOWS\alcwzrd.exe
2008-10-22 16:19:39 ----D---- C:\Program Files\Realtek
2008-10-22 16:19:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 16:19:32 ----R---- C:\WINDOWS\RtlExUpd.dll
2008-10-22 16:14:58 ----D---- C:\WINDOWS\system32\Lang
2008-10-22 16:07:38 ----A---- C:\WINDOWS\system32\difxapi.dll
2008-10-22 16:07:37 ----D---- C:\WINDOWS\vnDrvBas
2008-10-22 16:06:02 ----A---- C:\WINDOWS\AS_Debug.txt
2008-10-22 16:05:22 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-22 16:05:20 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-22 16:04:55 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-22 16:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-10-22 16:04:29 ----A---- C:\WINDOWS\HideWin.exe
2008-10-22 16:04:25 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-22 15:59:58 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Identities
2008-10-22 15:59:56 ----HD---- C:\Program Files\Uninstall Information
2008-10-22 15:59:51 ----ASH---- C:\Documents and Settings\Jeffrey Torres\Application Data\desktop.ini
2008-10-22 15:59:50 ----SD---- C:\Documents and Settings\Jeffrey Torres\Application Data\Microsoft
2008-10-22 15:57:55 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-22 15:57:53 ----D---- C:\WINDOWS\Prefetch
2008-10-22 15:57:52 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-22 15:57:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-22 15:54:32 ----D---- C:\WINDOWS\system32\xircom
2008-10-22 15:54:32 ----D---- C:\Program Files\xerox
2008-10-22 15:54:32 ----D---- C:\Program Files\microsoft frontpage
2008-10-22 15:54:17 ----A---- C:\WINDOWS\control.ini
2008-10-22 15:54:17 ----A---- C:\AUTOEXEC.BAT
2008-10-22 15:54:07 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-22 15:54:04 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-22 15:53:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-22 15:53:19 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-22 15:53:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-22 15:53:13 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-22 15:53:09 ----HD---- C:\Program Files\WindowsUpdate
2008-10-22 15:52:51 ----D---- C:\WINDOWS\system32\DirectX
2008-10-22 15:52:31 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-22 15:52:29 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-22 15:52:29 ----A---- C:\WINDOWS\desktop.ini
2008-10-22 15:52:22 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-22 15:52:20 ----D---- C:\Program Files\Common Files\Services
2008-10-22 15:52:20 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-22 15:52:17 ----SD---- C:\WINDOWS\Tasks
2008-10-22 15:52:17 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-22 15:52:16 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-22 15:52:13 ----D---- C:\WINDOWS\srchasst
2008-10-22 15:52:12 ----D---- C:\WINDOWS\system32\Macromed
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.6286281.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaucpl.cpl.wusetup.6286062.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.6285875.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-22 15:52:07 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-22 15:52:07 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-22 15:52:05 ----D---- C:\Program Files\Movie Maker
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-22 15:51:57 ----D---- C:\WINDOWS\system32\Restore
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-22 15:51:53 ----D---- C:\Program Files\NetMeeting
2008-10-22 15:51:53 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-22 15:51:52 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-22 15:51:52 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-22 15:51:51 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-22 15:51:50 ----D---- C:\Program Files\Outlook Express
2008-10-22 15:51:50 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-22 15:51:43 ----D---- C:\Program Files\Common Files\System
2008-10-22 15:51:40 ----D---- C:\Program Files\Internet Explorer
2008-10-22 15:51:11 ----D---- C:\Program Files\ComPlus Applications
2008-10-22 15:51:10 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-22 15:51:10 ----A---- C:\WINDOWS\vb.ini
2008-10-22 15:51:06 ----D---- C:\WINDOWS\Registration
2008-10-22 15:50:59 ----D---- C:\Program Files\Windows Media Player
2008-10-22 15:50:59 ----D---- C:\Program Files\Online Services
2008-10-22 15:50:55 ----D---- C:\Program Files\Messenger
2008-10-22 15:50:51 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-22 15:50:51 ----A---- C:\WINDOWS\system32\write.exe
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-22 15:50:41 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-22 15:50:41 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-22 15:50:34 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-22 15:50:34 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-22 15:50:24 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-22 15:50:15 ----D---- C:\Program Files\MSN
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-22 15:50:13 ----D---- C:\Program Files\Windows NT
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-22 15:50:10 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-22 15:50:08 ----D---- C:\WINDOWS\system32\Com
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-22 15:50:07 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-22 15:50:07 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-22 08:49:18 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-22 08:23:03 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-22 08:22:13 ----A---- C:\WINDOWS\imsins.BAK
2008-10-22 08:22:10 ----SHD---- C:\WINDOWS\Installer
2008-10-22 08:22:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-22 08:22:09 ----D---- C:\Program Files\Common Files\ODBC
2008-10-22 08:22:09 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files
2008-10-22 08:22:06 ----D---- C:\Program Files
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-22 08:21:51 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-22 08:21:51 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-22 08:21:49 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-22 08:21:49 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-22 08:21:48 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-22 08:21:47 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-22 08:21:47 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-22 08:21:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-22 08:21:36 ----RA---- C:\WINDOWS\SET8.tmp
2008-10-22 08:21:33 ----RA---- C:\WINDOWS\SET4.tmp
2008-10-22 08:21:32 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-22 08:21:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-22 08:21:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-22 08:21:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-22 08:21:04 ----A---- C:\WINDOWS\setuplog.txt
2008-10-22 08:21:01 ----D---- C:\Documents and Settings
2008-10-22 08:19:56 ----SH---- C:\boot.ini
2008-10-22 08:19:14 ----SHD---- C:\System Volume Information
2008-10-22 08:16:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-22 08:16:00 ----RSD---- C:\WINDOWS\Fonts
2008-10-22 08:16:00 ----RD---- C:\WINDOWS\Web
2008-10-22 08:16:00 ----HD---- C:\WINDOWS\inf
2008-10-22 08:16:00 ----D---- C:\WINDOWS\WinSxS
2008-10-22 08:16:00 ----D---- C:\WINDOWS\twain_32
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Temp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\wins
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\wbem
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\usmt
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\spool
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\Setup
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ras
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\oobe
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\npp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\mui
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\IME
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\icsxml
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ias
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\export
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\drivers
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\dhcp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\config
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\3076
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\2052
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1054
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1042
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1041
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1037
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1033
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1031
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1028
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1025
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system
2008-10-22 08:16:00 ----D---- C:\WINDOWS\security
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Resources
2008-10-22 08:16:00 ----D---- C:\WINDOWS\repair
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Provisioning
2008-10-22 08:16:00 ----D---- C:\WINDOWS\PeerNet
2008-10-22 08:16:00 ----D---- C:\WINDOWS\pchealth
2008-10-22 08:16:00 ----D---- C:\WINDOWS\mui
2008-10-22 08:16:00 ----D---- C:\WINDOWS\msapps
2008-10-22 08:16:00 ----D---- C:\WINDOWS\msagent
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Media
2008-10-22 08:16:00 ----D---- C:\WINDOWS\java
2008-10-22 08:16:00 ----D---- C:\WINDOWS\ime
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Help
2008-10-22 08:16:00 ----D---- C:\WINDOWS\ehome
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Driver Cache
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Debug
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Cursors
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Connection Wizard
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Config
2008-10-22 08:16:00 ----D---- C:\WINDOWS\AppPatch
2008-10-22 08:16:00 ----D---- C:\WINDOWS\addins
2008-10-22 08:16:00 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-10-22 15:54:17 ----A---- C:\WINDOWS\win.ini
2008-10-22 08:22:05 ----A---- C:\WINDOWS\system.ini
2008-10-15 09:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-10-22 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-10-22 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-10-22 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-10-22 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-10-22 4960]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-27 6811168]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-19 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S2 lnrpstwv;lnrpstwv; \??\C:\WINDOWS\system32\drivers\lnrpstwv.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-10-22 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-10-22 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-10-22 406528]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-27 155716]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-23 654848]
S2 AlerterNetlogon;Alerter AlerterNetlogon; C:\WINDOWS\system32\wpv6860.cpx srv []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]

-----------------EOF-----------------
ryan_c
Active Member
 
Posts: 8
Joined: October 24th, 2008, 4:27 am

Re: Please help me clean my PC

Post by Shaba » October 29th, 2008, 4:55 am

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Documents and Settings\Jeffrey Torres\Application Data\uTorrent
    C:\WINDOWS\system32\adsnwz.dll
    C:\q3v.com
    C:\WINDOWS\system32\wedasgads1.dll
    C:\uaacifr.cmd
    C:\WINDOWS\system32\wedasgads0.dll
    
    :services
    AlerterNetlogon
    lnrpstwv
    
    :commands
    [EmptyTemp]
    

  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- a fresh rsit log
- otmoveit3 report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help me clean my PC

Post by ryan_c » October 30th, 2008, 10:58 pm

Here are the OTMoveIt logs


========== FILES ==========
C:\Documents and Settings\Jeffrey Torres\Application Data\uTorrent moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\adsnwz.dll
C:\WINDOWS\system32\adsnwz.dll NOT unregistered.
C:\WINDOWS\system32\adsnwz.dll moved successfully.
C:\q3v.com moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wedasgads1.dll
C:\WINDOWS\system32\wedasgads1.dll NOT unregistered.
C:\WINDOWS\system32\wedasgads1.dll moved successfully.
C:\uaacifr.cmd moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wedasgads0.dll
C:\WINDOWS\system32\wedasgads0.dll NOT unregistered.
C:\WINDOWS\system32\wedasgads0.dll moved successfully.
========== SERVICES/DRIVERS ==========
Service AlerterNetlogon stopped successfully.
Service AlerterNetlogon deleted successfully.
Service lnrpstwv stopped successfully.
Service lnrpstwv deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\alm.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\amt.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\etilqs_beNovRbsoiMbZXW6rza4 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\Photoshop Temp102273548 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10312008_091649

Files moved on Reboot...
C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\alm.log moved successfully.
C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\amt.log moved successfully.
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\etilqs_beNovRbsoiMbZXW6rza4 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\Photoshop Temp102273548 not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\XUL.mfl moved successfully.



Here is the RSIT log, thanks.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Jeffrey Torres at 2008-10-31 09:29:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 28 GB (71%) free of 40 GB
Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:29 AM, on 10/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jeffrey Torres\Desktop\RSIT(2).exe
C:\Program Files\trend micro\Jeffrey Torres.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [\RODEL\EPSON Stylus Photo R1800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE /P32 "\\RODEL\EPSON Stylus Photo R1800" /O6 "USB001" /M "Stylus Photo R1800"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfpconfg.exe" -z -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 6392 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-08-02 1826816]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-20 16384512]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-08-27 8466432]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-08-27 81920]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-23 590848]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"\RODEL\EPSON Stylus Photo R1800"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9LE.EXE [2004-09-08 98304]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe -h []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfpconfg.exe -z -o []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aliserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aliserv.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0
"DisableTaskMgr"=0
"NoDispCpl"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCMD"=0
"DisableTaskMgr"=0
"NoDispCpl"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=223
"RestrictRun"=0
"NoFolderOptions"=0
"NoRun"=0
"NoFind"=0
"NoDesktop"=0
"NoStartMenuEjectPC"=0
"NoSimpleStartMenu"=0
"NoWindowsUpdate"=0
"NoStartMenuMyMusic"=0
"NoSMMyPictures"=0
"NoFavoritesMenu"=0
"NoResolveSearch"=0
"NoResolveTrack"=0
"StartMenuLogoff"=0
"NoClose"=0
"NoInstrumentation"=0
"NoUserNameInStartMenu"=0
"EnforceShellExtensionSecurity"=0
"NoActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoDrives"=0
"NoFileAssociate"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoTrayContextMenu"=0
"RestrictCpl"=0
"NoStartMenuMorePrograms"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
"NoRun"=
"NoFind"=
"RestrictRun"=
"NoDriveTypeAutoRun"=
"NoDesktop"=
"NoStartMenuEjectPC"=
"NoSimpleStartMenu"=
"NoWindowsUpdate"=
"NoStartMenuMyMusic"=
"NoSMMyPictures"=
"NoFavoritesMenu"=
"NoResolveSearch"=
"NoResolveTrack"=
"StartMenuLogoff"=
"NoClose"=
"NoInstrumentation"=
"NoUserNameInStartMenu"=
"EnforceShellExtensionSecurity"=
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"NoDrives"=
"NoFileAssociate"=
"NoSetFolders"=
"NoViewContextMenu"=
"NoTrayContextMenu"=
"RestrictCpl"=
"NoThemesTab"=
"ForceActiveDesktopOn"=
"NoStartMenuMorePrograms"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\A]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\B]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
shell\explore\command - "%1" %*


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-10-31 09:16:49 ----D---- C:\_OTMoveIt
2008-10-27 13:04:32 ----A---- C:\WINDOWS\unvise32.exe
2008-10-27 13:04:30 ----D---- C:\Program Files\SWiSHmax
2008-10-27 10:37:33 ----D---- C:\Program Files\7-Zip
2008-10-27 09:24:57 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-27 09:12:36 ----D---- C:\wamp
2008-10-25 17:55:41 ----D---- C:\rsit
2008-10-25 11:43:16 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-24 18:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-24 18:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-24 18:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-24 18:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-24 18:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-10-24 18:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-24 18:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-24 18:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-24 18:10:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-24 18:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-24 18:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-24 18:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-24 18:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-24 18:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-24 18:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-24 18:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-24 18:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-24 18:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-24 18:10:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 18:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-24 18:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-24 17:04:37 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-24 17:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-24 17:04:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 16:25:33 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Comodo
2008-10-24 16:25:31 ----D---- C:\Program Files\COMODO
2008-10-24 16:00:41 ----D---- C:\SDFix
2008-10-24 15:34:11 ----D---- C:\Program Files\Trend Micro
2008-10-24 15:10:07 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-24 10:46:15 ----RHD---- C:\$VAULT$.AVG
2008-10-23 16:40:28 ----D---- C:\WINDOWS\Minidump
2008-10-23 15:03:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-23 15:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 14:51:49 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Malwarebytes
2008-10-23 14:51:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-23 14:51:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-23 11:32:55 ----D---- C:\WINDOWS\pss
2008-10-23 11:21:22 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-23 10:11:18 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-10-23 09:55:38 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Macromedia
2008-10-23 09:54:22 ----D---- C:\Program Files\Common Files\Control Panels
2008-10-23 09:52:42 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-10-23 09:43:44 ----D---- C:\Program Files\QuickTime
2008-10-23 09:33:14 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-10-23 09:33:14 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-10-23 09:24:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-23 09:13:11 ----D---- C:\Program Files\Bonjour
2008-10-23 09:07:36 ----D---- C:\Program Files\Adobe
2008-10-23 09:04:03 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-10-23 09:03:20 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Adobe
2008-10-23 09:01:36 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-23 09:01:26 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-23 09:01:06 ----D---- C:\Program Files\Common Files\Adobe
2008-10-22 18:00:43 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Mozilla
2008-10-22 18:00:30 ----D---- C:\Program Files\Mozilla Firefox
2008-10-22 17:56:21 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\AVG7
2008-10-22 17:56:12 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-10-22 17:56:12 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-22 17:56:04 ----D---- C:\Program Files\Grisoft
2008-10-22 17:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-22 17:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-10-22 17:19:58 ----SHD---- C:\RECYCLER
2008-10-22 17:08:43 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2008-10-22 17:03:23 ----D---- C:\Program Files\EPSON
2008-10-22 16:47:44 ----D---- C:\Program Files\Kaspersky Lab
2008-10-22 16:46:36 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-22 16:36:55 ----D---- C:\WINDOWS\nview
2008-10-22 16:36:54 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-22 16:36:01 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-22 16:29:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-22 16:29:21 ----A---- C:\WINDOWS\Ascd_tmp.ini
2008-10-22 16:28:36 ----R---- C:\WINDOWS\Alcmtr.exe
2008-10-22 16:25:35 ----D---- C:\WINDOWS\ASUSInstAll
2008-10-22 16:25:04 ----A---- C:\WINDOWS\Ascd_log.ini
2008-10-22 16:20:06 ----R---- C:\WINDOWS\system32\ChCfg.exe
2008-10-22 16:19:53 ----R---- C:\WINDOWS\SoundMan.exe
2008-10-22 16:19:53 ----R---- C:\WINDOWS\SkyTel.exe
2008-10-22 16:19:52 ----R---- C:\WINDOWS\RtlUpd.exe
2008-10-22 16:19:49 ----R---- C:\WINDOWS\RTLCPL.exe
2008-10-22 16:19:43 ----R---- C:\WINDOWS\RTHDCPL.exe
2008-10-22 16:19:42 ----R---- C:\WINDOWS\MicCal.exe
2008-10-22 16:19:40 ----R---- C:\WINDOWS\alcwzrd.exe
2008-10-22 16:19:39 ----D---- C:\Program Files\Realtek
2008-10-22 16:19:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 16:19:32 ----R---- C:\WINDOWS\RtlExUpd.dll
2008-10-22 16:14:58 ----D---- C:\WINDOWS\system32\Lang
2008-10-22 16:07:38 ----A---- C:\WINDOWS\system32\difxapi.dll
2008-10-22 16:07:37 ----D---- C:\WINDOWS\vnDrvBas
2008-10-22 16:06:02 ----A---- C:\WINDOWS\AS_Debug.txt
2008-10-22 16:05:22 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-22 16:05:20 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-22 16:04:55 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-22 16:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-10-22 16:04:29 ----A---- C:\WINDOWS\HideWin.exe
2008-10-22 16:04:25 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-22 15:59:58 ----D---- C:\Documents and Settings\Jeffrey Torres\Application Data\Identities
2008-10-22 15:59:56 ----HD---- C:\Program Files\Uninstall Information
2008-10-22 15:59:51 ----ASH---- C:\Documents and Settings\Jeffrey Torres\Application Data\desktop.ini
2008-10-22 15:59:50 ----SD---- C:\Documents and Settings\Jeffrey Torres\Application Data\Microsoft
2008-10-22 15:57:55 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-22 15:57:53 ----D---- C:\WINDOWS\Prefetch
2008-10-22 15:57:52 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-22 15:57:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-22 15:54:32 ----D---- C:\WINDOWS\system32\xircom
2008-10-22 15:54:32 ----D---- C:\Program Files\xerox
2008-10-22 15:54:32 ----D---- C:\Program Files\microsoft frontpage
2008-10-22 15:54:17 ----A---- C:\WINDOWS\control.ini
2008-10-22 15:54:17 ----A---- C:\AUTOEXEC.BAT
2008-10-22 15:54:07 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-22 15:54:04 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-22 15:53:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-22 15:53:19 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-22 15:53:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-22 15:53:13 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-22 15:53:09 ----HD---- C:\Program Files\WindowsUpdate
2008-10-22 15:52:51 ----D---- C:\WINDOWS\system32\DirectX
2008-10-22 15:52:31 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-22 15:52:29 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-22 15:52:29 ----A---- C:\WINDOWS\desktop.ini
2008-10-22 15:52:22 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-22 15:52:20 ----D---- C:\Program Files\Common Files\Services
2008-10-22 15:52:20 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-22 15:52:17 ----SD---- C:\WINDOWS\Tasks
2008-10-22 15:52:17 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-22 15:52:16 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-22 15:52:13 ----D---- C:\WINDOWS\srchasst
2008-10-22 15:52:12 ----D---- C:\WINDOWS\system32\Macromed
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-22 15:52:09 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaueng.dll.wusetup.6286281.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuaucpl.cpl.wusetup.6286062.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt.exe.wusetup.6285875.bak
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-22 15:52:08 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-22 15:52:07 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-22 15:52:07 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-22 15:52:05 ----D---- C:\Program Files\Movie Maker
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-22 15:52:00 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-22 15:51:57 ----D---- C:\WINDOWS\system32\Restore
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-22 15:51:57 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-22 15:51:56 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-22 15:51:55 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-22 15:51:53 ----D---- C:\Program Files\NetMeeting
2008-10-22 15:51:53 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-22 15:51:52 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-22 15:51:52 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-22 15:51:51 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-22 15:51:50 ----D---- C:\Program Files\Outlook Express
2008-10-22 15:51:50 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-22 15:51:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-22 15:51:43 ----D---- C:\Program Files\Common Files\System
2008-10-22 15:51:40 ----D---- C:\Program Files\Internet Explorer
2008-10-22 15:51:11 ----D---- C:\Program Files\ComPlus Applications
2008-10-22 15:51:10 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-22 15:51:10 ----A---- C:\WINDOWS\vb.ini
2008-10-22 15:51:06 ----D---- C:\WINDOWS\Registration
2008-10-22 15:50:59 ----D---- C:\Program Files\Windows Media Player
2008-10-22 15:50:59 ----D---- C:\Program Files\Online Services
2008-10-22 15:50:55 ----D---- C:\Program Files\Messenger
2008-10-22 15:50:51 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-22 15:50:51 ----A---- C:\WINDOWS\system32\write.exe
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-22 15:50:42 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-22 15:50:41 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-22 15:50:41 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-22 15:50:34 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-22 15:50:34 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-22 15:50:33 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-22 15:50:32 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-22 15:50:31 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-22 15:50:30 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-22 15:50:29 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-22 15:50:24 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-22 15:50:15 ----D---- C:\Program Files\MSN
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-22 15:50:14 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-22 15:50:13 ----D---- C:\Program Files\Windows NT
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-22 15:50:13 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-22 15:50:12 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-22 15:50:11 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-22 15:50:10 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-22 15:50:10 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-22 15:50:09 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-22 15:50:08 ----D---- C:\WINDOWS\system32\Com
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-22 15:50:08 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-22 15:50:07 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-22 15:50:07 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-22 15:50:01 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-22 08:49:18 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-22 08:23:03 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-22 08:22:13 ----A---- C:\WINDOWS\imsins.BAK
2008-10-22 08:22:10 ----SHD---- C:\WINDOWS\Installer
2008-10-22 08:22:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-22 08:22:09 ----D---- C:\Program Files\Common Files\ODBC
2008-10-22 08:22:09 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-22 08:22:06 ----D---- C:\Program Files\Common Files
2008-10-22 08:22:06 ----D---- C:\Program Files
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-22 08:22:03 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-22 08:22:01 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-22 08:22:00 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-22 08:21:58 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-22 08:21:57 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-22 08:21:54 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-22 08:21:52 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-22 08:21:51 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-22 08:21:51 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-22 08:21:49 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-22 08:21:49 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-22 08:21:48 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-22 08:21:47 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-22 08:21:47 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-22 08:21:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-22 08:21:36 ----RA---- C:\WINDOWS\SET8.tmp
2008-10-22 08:21:33 ----RA---- C:\WINDOWS\SET4.tmp
2008-10-22 08:21:32 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-22 08:21:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-22 08:21:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-22 08:21:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-22 08:21:04 ----A---- C:\WINDOWS\setuplog.txt
2008-10-22 08:21:01 ----D---- C:\Documents and Settings
2008-10-22 08:19:56 ----SH---- C:\boot.ini
2008-10-22 08:19:14 ----SHD---- C:\System Volume Information
2008-10-22 08:16:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-22 08:16:00 ----RSD---- C:\WINDOWS\Fonts
2008-10-22 08:16:00 ----RD---- C:\WINDOWS\Web
2008-10-22 08:16:00 ----HD---- C:\WINDOWS\inf
2008-10-22 08:16:00 ----D---- C:\WINDOWS\WinSxS
2008-10-22 08:16:00 ----D---- C:\WINDOWS\twain_32
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Temp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\wins
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\wbem
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\usmt
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\spool
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\Setup
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ras
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\oobe
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\npp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\mui
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\IME
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\icsxml
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\ias
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\export
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\drivers
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\dhcp
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\config
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\3076
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\2052
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1054
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1042
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1041
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1037
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1033
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1031
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1028
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32\1025
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system32
2008-10-22 08:16:00 ----D---- C:\WINDOWS\system
2008-10-22 08:16:00 ----D---- C:\WINDOWS\security
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Resources
2008-10-22 08:16:00 ----D---- C:\WINDOWS\repair
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Provisioning
2008-10-22 08:16:00 ----D---- C:\WINDOWS\PeerNet
2008-10-22 08:16:00 ----D---- C:\WINDOWS\pchealth
2008-10-22 08:16:00 ----D---- C:\WINDOWS\mui
2008-10-22 08:16:00 ----D---- C:\WINDOWS\msapps
2008-10-22 08:16:00 ----D---- C:\WINDOWS\msagent
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Media
2008-10-22 08:16:00 ----D---- C:\WINDOWS\java
2008-10-22 08:16:00 ----D---- C:\WINDOWS\ime
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Help
2008-10-22 08:16:00 ----D---- C:\WINDOWS\ehome
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Driver Cache
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Debug
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Cursors
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Connection Wizard
2008-10-22 08:16:00 ----D---- C:\WINDOWS\Config
2008-10-22 08:16:00 ----D---- C:\WINDOWS\AppPatch
2008-10-22 08:16:00 ----D---- C:\WINDOWS\addins
2008-10-22 08:16:00 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-10-22 15:54:17 ----A---- C:\WINDOWS\win.ini
2008-10-22 08:22:05 ----A---- C:\WINDOWS\system.ini
2008-10-15 09:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2008-10-22 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2008-10-22 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2008-10-22 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-10-22 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2008-10-22 4960]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-08-27 6811168]
R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-19 41600]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2008-10-22 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2008-10-22 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-10-22 406528]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-08-27 155716]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-23 654848]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]

-----------------EOF-----------------
ryan_c
Active Member
 
Posts: 8
Joined: October 24th, 2008, 4:27 am

Re: Please help me clean my PC

Unread postby Shaba » October 31st, 2008, 5:29 am

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help me clean my PC

Unread postby ryan_c » November 4th, 2008, 4:17 am

Sorry for the late reply. Here is the log of ESET.


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3580 (20081103)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=993ac1b38bed2e448e54d1fe5775d7ca
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-05 12:14:21
# local_time=2008-11-04 04:14:21 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=273475
# found=5
# scan_time=3486
D:\6.bat Win32/PSW.OnLineGames.NMY trojan BB230EFEAF6D6317F04368618AC823D2
D:\9h.bat Win32/PSW.OnLineGames.NNU trojan AE66F927DF7109CD03C2F1617B6B8804
D:\r.bat Win32/Pacex.Gen virus 00000000000000000000000000000000
D:\rqb0v2ot.bat Win32/Pacex.Gen virus 00000000000000000000000000000000
D:\desktop\Mp3\david cook always be my baby.mp3 WMA/TrojanDownloader.Wimad.N trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2
ryan_c
Active Member
 
Posts: 8
Joined: October 24th, 2008, 4:27 am

Re: Please help me clean my PC

Unread postby Shaba » November 4th, 2008, 9:47 am

If you play any online games, I suggest that you change all passwords because you have a password stealer.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    D:\6.bat 
    D:\9h.bat 
    D:\r.bat 
    D:\rqb0v2ot.bat 
    D:\desktop\Mp3\david cook always be my baby.mp3 
    
    :commands
    [EmptyTemp]
    

  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Please help me clean my PC

Unread postby ryan_c » November 4th, 2008, 10:41 pm

Here are the logs of moveit


========== FILES ==========
D:\6.bat moved successfully.
D:\9h.bat moved successfully.
D:\r.bat moved successfully.
D:\rqb0v2ot.bat moved successfully.
D:\desktop\Mp3\david cook always be my baby.mp3 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\alm.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\amt.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\etilqs_TseeWUkvlAfQrKXbqDo5 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo24048 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo34048 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo44048 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo54048 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo64048 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo74048 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo84048 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo94048 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\Photoshop Temp112444048 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11052008_103328

Files moved on Reboot...
C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\alm.log moved successfully.
C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\amt.log moved successfully.
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\etilqs_TseeWUkvlAfQrKXbqDo5 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo24048 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo34048 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo44048 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo54048 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo64048 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo74048 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo84048 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\lilo94048 not found!
File C:\DOCUME~1\JEFFRE~1\LOCALS~1\Temp\Photoshop Temp112444048 not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jeffrey Torres\Local Settings\Application Data\Mozilla\Firefox\Profiles\6vjw8a1x.default\XUL.mfl moved successfully.
ryan_c
Active Member
 
Posts: 8
Joined: October 24th, 2008, 4:27 am

Re: Please help me clean my PC

Unread postby Shaba » November 5th, 2008, 5:12 am

That looks good :)

Still problems?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
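
The cross-check behind "That looks good", as an added example that is not part of the thread or of either tool: it parses the ESET detection lines and confirms that OTMoveIt3 reports every detected path as moved. The field layout is inferred from the log lines posted above, and the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the ESET and OTMoveIt3 logs posted in this
# thread (header trimmed to the fields the check uses).
ESET_LOG = r"""# version=4
# remove_checked=false
# unwanted_checked=true
# scanned=273475
# found=5
D:\6.bat Win32/PSW.OnLineGames.NMY trojan BB230EFEAF6D6317F04368618AC823D2
D:\9h.bat Win32/PSW.OnLineGames.NNU trojan AE66F927DF7109CD03C2F1617B6B8804
D:\r.bat Win32/Pacex.Gen virus 00000000000000000000000000000000
D:\rqb0v2ot.bat Win32/Pacex.Gen virus 00000000000000000000000000000000
D:\desktop\Mp3\david cook always be my baby.mp3 WMA/TrojanDownloader.Wimad.N trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2
"""

OTMOVEIT_LOG = r"""========== FILES ==========
D:\6.bat moved successfully.
D:\9h.bat moved successfully.
D:\r.bat moved successfully.
D:\rqb0v2ot.bat moved successfully.
D:\desktop\Mp3\david cook always be my baby.mp3 moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
"""


class Detection(NamedTuple):
    path: str
    threat: str
    kind: str
    md5: str


# Assumed layout, inferred from the log above: path, threat name, type and a
# 32-digit hex hash. The path may contain spaces, so the last three fields are
# anchored at the end of the line and the path takes whatever is left.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>\S+)\s+(?P<kind>\S+)\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
SECTION_RE = re.compile(r"^=+ (\w+) =+$")
MOVED_SUFFIX = " moved successfully."


def parse_eset_log(text):
    """Return (header dict, list of Detection) from an ESET online scan log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(**m.groupdict()))
    return header, detections


def parse_otmoveit_moved(text):
    """Return the case-folded paths the FILES section reports as moved."""
    moved, section = set(), None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif section == "FILES" and line.endswith(MOVED_SUFFIX):
            moved.add(line[: -len(MOVED_SUFFIX)].casefold())
    return moved


def review(eset_text, otmoveit_text):
    """Cross-check the scanner's detections against the mover's results."""
    header, detections = parse_eset_log(eset_text)
    moved = parse_otmoveit_moved(otmoveit_text)
    notes = []
    if header.get("found") != str(len(detections)):
        notes.append("found= header does not match parsed detections")
    if header.get("remove_checked") == "false":
        notes.append("scan was report-only: detections were left on disk")
    return {
        "detections": detections,
        # Windows paths are case-insensitive, so compare case-folded.
        "still_present": [d.path for d in detections
                          if d.path.casefold() not in moved],
        # An all-zero value is not a usable file hash for later lookups.
        "no_hash": [d.path for d in detections if set(d.md5) == {"0"}],
        "notes": notes,
    }


if __name__ == "__main__":
    result = review(ESET_LOG, OTMOVEIT_LOG)
    for d in result["detections"]:
        print(f"{d.kind:7} {d.threat:32} {d.path}")
    print("still present:", result["still_present"] or "none")
    print("no hash:", result["no_hash"])
    print("notes:", result["notes"])
```

An empty `still_present` list means every path the scanner flagged appears in the mover's FILES section as moved.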

Re: Please help me clean my PC

Unread postby ryan_c » November 6th, 2008, 9:06 pm

I think my pc is okay now. Thanks for the help!
ryan_c
Active Member
 
Posts: 8
Joined: October 24th, 2008, 4:27 am

Re: Please help me clean my PC

Unread postby Shaba » November 7th, 2008, 4:44 am

Nice to hear :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

You can delete RSIT and the c:\rsit folder.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorials on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland